Lookout’s Open Source Privacy Policy Could Change the Game on Mobile App Transparency

It’s taken as a truism that “no one understands the privacy policy.” Lookout, a startup that focuses on mobile privacy and security, wants to change that with its new open source privacy policy toolkit. The project seeks to improve the current poor state of mobile app transparency. It grew out of the Department of Commerce National Telecommunications and Information Administration’s recent multistakeholder process, which CDT participated in, aimed at creating a set of best practices to promote mobile app transparency.

Lookout hopes to allow more users to understand the privacy and security practices of mobile apps and how each app collects and shares their information. With vast amounts of information being collected and used by app developers, users need to be able to exercise some control over their devices and understand what’s being done with their data. Lookout’s toolkit will hopefully help do just that.

Privacy policies and terms of service provisions are often lengthy documents, drafted by lawyers and filled with clauses and statements that most users don’t read or fully understand. Because privacy policies and terms of service provisions are filled with legal jargon that companies may not want to explain to users, consumers often have to dig and parse out how exactly a service functions, what rights the provider is reserving, and what practices are permissible. For mobile devices, which can collect a great deal of sensitive data such as location, address books, and photos and videos, it’s especially important that consumers know what a specific app does, how, and why.

Lookout’s visual privacy policy helps consumers understand what their apps do, and we hope that developers use the open source code accessible on GitHub to communicate their practices to users. By using a visual interface, Lookout has made it easier for users to understand specific practices, compared to lengthy clauses in written documents. The visual layout doesn’t mean that companies shouldn’t also provide detailed written statements of their privacy practices – such statements are a key method of holding companies accountable when they make mistakes or misrepresentations – but the visual component may do a better job of communicating app practices to consumers.

Specifically, the interface highlights two main pieces of information: “What do we collect?” and “Who do we share with?” The former describes the types of information that an app collects, including contact information, location data, and browser history, among other types. The latter focuses on the third parties that developers share data with – including phone carriers, government, ad networks, and data resellers. By focusing on these two considerations, the interface communicates to users some of the most crucial practices that implicate individual privacy interests. Coupled with more extensive and complete disclosures in a longer privacy policy, the short form notice that the interface provides will hopefully increase consumer understanding and awareness of app practices.

Because Lookout has released the code as open source, we hope that other app developers will incorporate the toolkit into their own products. The NTIA process on mobile app transparency was intended to improve business practices in the mobile space and increase consumer understanding, and the Lookout toolkit is a promising step in that direction. By incorporating the toolkit and other privacy- and security-sensitive measures into their products from the early stages of development, app developers can avoid issues down the line that could affect their user base or bring government enforcement actions. Considering consumer privacy issues from the start – and determining how best to communicate those practices to users – is something all developers should do.